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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 

1 . (Previously Presented) A method of dynamically protecting access to a first 
network, comprising: 

receiving, in a system, a data unit containing a source address indicating a source 

of a data unit; 

matching the source address with information stored in the system; 

enabling entry of the data unit to the first network for communication to a 
destination device on the first network if the source address matches the information stored in the 
system and denying entry of the data unit to the first network if the source address does not 
match the information stored in the system, 

wherein the destination device is separate from the system^ 

detenriining whether the data unit contains an identifier of a codec type that 
matches a stored codec type; and 

indicating occurrence of an attack of the first network in response to determining 
that the identifier is of a codec type that does not match the stored codec type. 

2. (Original) The method of claim 1 , wherein matching the source address with the 
information comprises matching the source address with one or more entries of a network 
address translation mapping table. 

3. (Original) The method of claim 1, wherein matching the source address 
comprises matching an Internet Protocol address. 

4. (Cancelled) 
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1 5. (Previously Presented) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of the data unit; 

5 matching, by an address filter in the system, the source address with information 

6 stored in the system; 

7 enabling, by the address filter, entry of the data unit to the first network if the 

8 source address matches the information stored in the system and denying entry of the data unit to 

9 the first network if the source address does not match the information stored in the system; and 

10 determining, by a protocol filter, if the data unit contains a payload according to a 

1 1 predetermined protocol, and denying, by the protocol filter, entry of the data unit if the data unit 

12 does not contain payload according to the predetermined protocol. 

1 6, (Original) The method of claim 5, wherein determining if the data unit contains a 

2 payload according to the predetermined protocol comprises determining if the data unit contains 

3 a payload according to a Real-Time Protocol or Real-Time Control Protocol. 

1 7. (Previously Presented) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; 

6 enabling entry of the data unit to the first network if the source address matches 

7 the information stored in the system and denying entry of the data unit to the first network if the 

8 source address does not match the information stored in the system; and 

9 storing profile information for a call session, and determining if an unauthorized 
10 access of the first network is occurring based on the profile information. 
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J 8. (Original) The method of claim 7, wherein storing the profile information 

2 comprises storing a threshold representing a maximum acceptable rate of incoming data units 

3 from an external network to the first network. 

1 9. (Original) The method of claim 8, further comprising calculating a value for the 

2 threshold based on a frame size used in the call session. 

1 10. (Original) The method of claim 8, wherein storing the profile information further 

2 comprises storing a pattern expected in incoming data units. 

1 J 1 • (Original) The method of claim 10, wherein storing the pattern comprises storing 

2 a codec type used in the call session. 

1 12. (Original) The method of claim 8 T further comprising generating an alarm if the 

2 system detects a rate of incoming data units from the external network to the fust network 

3 exceeding the threshold. 

1 13. (Original) The method of claim 8, further comprising denying further transport of 

2 incoming data units from the external network to the first network for the call session if the 

3 system detects a rate of incoming data units from the external network to the first network 

4 exceeding the threshold. 

1 14.-18. (Cancelled) 
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1 19. (Previously Presented) An article comprising at least one storage medium 

2 containing instructions for protecting a first network, the instructions when executed causing a 

3 system to: 

4 determine if a rate of incoming data units from an external network to the first 

5 network exceeds a predetermined threshold; 

6 perform a security action if the determined rate of incoming data units exceeds the 

7 predetermined threshold; and 

8 determine if each incoming packet has a predetermined pattern, 

9 wherein the instructions when executed cause the system to determine if each 

10 incoming packet has the predetermined pattern by checking if each incoming packet has an 

1 1 indication of a predetermined codec type. 

1 20.-24. (Cancelled) 

1 25. (Previously Presented) A system for use in communications between a first 

2 network and an external network, comprising; 

3 a storage module to store a threshold value for a communications session, the 

4 threshold value representing an acceptable rate of incoming data units from the external network 

5 to the first network; and 

6 a controller adapted to deny further entry of data units from the external network 

7 to the first network in the communications session in response to the controller detecting that the 

8 rate of incoming data units exceeds the threshold value, 

9 the storage module to further store a codec type for the communications session, 

10 wherein the controller is adapted to deny entry of an incoming data unit if the incoming data unit 

1 1 does not contain an indication of the codec type. . 

J 26. (Cancelled) 
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